Over-the-Air Adversarial Attacks on Deep Learning Based Modulation
Classifier over Wireless Channels
- URL: http://arxiv.org/abs/2002.02400v2
- Date: Thu, 13 Feb 2020 17:35:34 GMT
- Authors: Brian Kim and Yalin E. Sagduyu and Kemal Davaslioglu and Tugba Erpek
and Sennur Ulukus
- Abstract summary: We consider a wireless communication system that consists of a transmitter, a receiver, and an adversary.
In the meantime, the adversary makes over-the-air transmissions that are received as superimposed with the transmitter's signals.
We present how to launch a realistic evasion attack by considering channels from the adversary to the receiver.
- Score: 43.156901821548935
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: We consider a wireless communication system that consists of a transmitter, a
receiver, and an adversary. The transmitter transmits signals with different
modulation types, while the receiver classifies its received signals to
modulation types using a deep learning-based classifier. In the meantime, the
adversary makes over-the-air transmissions that are received as superimposed
with the transmitter's signals to fool the classifier at the receiver into
making errors. While this evasion attack has received growing interest
recently, the channel effects from the adversary to the receiver have been
ignored so far such that the previous attack mechanisms cannot be applied under
realistic channel effects. In this paper, we present how to launch a realistic
evasion attack by considering channels from the adversary to the receiver. Our
results show that modulation classification is vulnerable to an adversarial
attack over a wireless channel that is modeled as Rayleigh fading with path
loss and shadowing. We present various adversarial attacks with respect to
availability of information about channel, transmitter input, and classifier
architecture. First, we present two types of adversarial attacks, namely a
targeted attack (with minimum power) and non-targeted attack that aims to
change the classification to a target label or to any other label other than
the true label, respectively. Both are white-box attacks that are transmitter
input-specific and use channel information. Then we introduce an algorithm to
generate adversarial attacks using limited channel information where the
adversary only knows the channel distribution. Finally, we present a black-box
universal adversarial perturbation (UAP) attack where the adversary has limited
knowledge about both channel and transmitter input.
Related papers
- Transfer-based Adversarial Poisoning Attacks for Online (MIMO-)Deep Receivers [44.051757540209756]
We propose a transfer-based adversarial poisoning attack method for online receivers.
Without knowledge of the attack target, perturbations are injected to the pilots, poisoning the online deep receiver.
Simulation results indicate that the proposed poisoning attack significantly reduces the performance of online receivers.
arXiv Detail & Related papers (2024-09-04T04:17:57Z)
- Secure Semantic Communication via Paired Adversarial Residual Networks [59.468221305630784]
This letter explores the positive side of the adversarial attack for the security-aware semantic communication system.
A pair of matching pluggable modules is installed: one after the semantic transmitter and the other before the semantic receiver.
The proposed scheme is capable of fooling the eavesdropper while maintaining the high-quality semantic communication.
arXiv Detail & Related papers (2024-07-02T08:32:20Z)
- Vulnerabilities of Deep Learning-Driven Semantic Communications to Backdoor (Trojan) Attacks [70.51799606279883]
This paper highlights vulnerabilities of deep learning-driven semantic communications to backdoor (Trojan) attacks.
A backdoor attack can effectively change the semantic information transferred for poisoned input samples to a target meaning.
Design guidelines are presented to preserve the meaning of transferred information in the presence of backdoor attacks.
arXiv Detail & Related papers (2022-12-21T17:22:27Z)
- Is Semantic Communications Secure? A Tale of Multi-Domain Adversarial Attacks [70.51799606279883]
We introduce test-time adversarial attacks on deep neural networks (DNNs) for semantic communications.
We show that it is possible to change the semantics of the transferred information even when the reconstruction loss remains low.
arXiv Detail & Related papers (2022-12-20T17:13:22Z)
- Channel Effects on Surrogate Models of Adversarial Attacks against Wireless Signal Classifiers [42.56367378986028]
We consider a wireless communication system that consists of a background emitter, a transmitter, and an adversary.
The adversary generates adversarial attacks to fool the transmitter into misclassifying the channel as idle.
We consider different topologies to investigate how different surrogate models that are trained by the adversary affect the performance of the adversarial attack.
arXiv Detail & Related papers (2020-12-03T18:46:28Z)
- Adversarial Attacks with Multiple Antennas Against Deep Learning-Based Modulation Classifiers [43.156901821548935]
We show how to utilize multiple antennas at the adversary to improve the adversarial (evasion) attack performance.
We introduce an attack to transmit the adversarial perturbation through the channel with the largest channel gain at the symbol level.
arXiv Detail & Related papers (2020-07-31T17:56:50Z)
- Channel-Aware Adversarial Attacks Against Deep Learning-Based Wireless Signal Classifiers [43.156901821548935]
This paper presents channel-aware adversarial attacks against deep learning-based wireless signal classifiers.
A certified defense based on randomized smoothing that augments training data with noise is introduced to make the modulation classifier robust to adversarial perturbations.
arXiv Detail & Related papers (2020-05-11T15:42:54Z)
This list is automatically generated from the titles and abstracts of the papers in this site.